Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload

🗓️ 24 Jul 2024 02:54:33Reported by WordfenceType 
cvelist
 cvelist🔗 www.cve.org👁 14 Views

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio

Show more
Related
Affected
Refs
ReporterTitlePublishedViews
Family
NVD		CVE-2024-6756
24 Jul 202403:15
nvd
NVD		CVE-2024-6754
24 Jul 202403:15
nvd
Vulnrichment		CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
24 Jul 202402:33
vulnrichment
Vulnrichment		CVE-2024-6754 Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template
24 Jul 202402:33
vulnrichment
CVE		CVE-2024-6756
24 Jul 202403:15
cve
CVE		CVE-2024-6754
24 Jul 202403:15
cve
Patchstack		WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Broken Access Control
24 Jul 202400:00
patchstack
Patchstack		WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload
24 Jul 202400:00
patchstack
Cvelist		CVE-2024-6754 Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template
24 Jul 202402:33
cvelist
Wordfence Blog		Wordfence Intelligence Weekly WordPress Vulnerability Report (July 22, 2024 to July 28, 2024)
1 Aug 202414:18
wordfence
Rows per page
[
  {
    "vendor": "WPWeb",
    "product": "Social Auto Poster",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.3.14",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Jul 2024 02:33Current
CVSS38.8
EPSS0.00045
CWE-434
wordpressvulnerabilityarbitrary file uploadcontributor levelremote code executioncve-2024-6756cve-2024-6754
14
.json
Report